etcuserv= $(etcdir)/userv
services= $(etcuserv)/services.d
-TARGETS= service udptunnel-forwarder
+TARGETS= service udptunnel-forwarder blowfishtest
MECHFILES= null pkcs5 timestamp sequence blowfish
MECHOBJS= $(foreach m, $(MECHFILES), mech-$m.o)
OBJS_FORWARD= forwarder.o $(MECHOBJS) blowfish.o automech.c utils.c
+OBJS_BFTEST= blowfishtest.o blowfish.o hex.o
all: $(TARGETS)
udptunnel-forwarder: $(OBJS_FORWARD)
$(CC) $(CFLAGS) $(LDFLAGS) -o $@ $(OBJS_FORWARD)
+blowfishtest: $(OBJS_BFTEST)
+ $(CC) $(CFLAGS) $(LDFLAGS) -o $@ $(OBJS_BFTEST)
+
automech.c automech.h: automechgen.sh Makefile
./$< $(MECHFILES)
forwarder.o $(MECHOBJS) automech.o utils.o: forwarder.h automech.h
-blowfish.o mech-blowfish.o: blowfish.h
+blowfish.o mech-blowfish.o blowfishtest.o: blowfish.h
+blowfishtest.o hex.o: hex.h
int main(void) {
char buf[200], keybuf[200], plainbuf[200], cipherbuf[200], comparebuf[200], ivbuf[200];
char keytxt[sizeof(buf)+1], plaintxt[sizeof(buf)+1], ciphertxt[sizeof(buf)+1];
- uint8 key[BLOWFISH_MAXKEYBYTES*2], plain[100], cipher[100], compare[100];
- uint8 iv[BLOWFISH_BLOCKBYTES];
+ uint8_t key[BLOWFISH_MAXKEYBYTES*2], plain[100], cipher[100], compare[100];
+ uint8_t iv[BLOWFISH_BLOCKBYTES];
int keysz, plainsz, ciphersz, cskey, csiv, csplain, i;
struct blowfish_expandedkey ek;
struct blowfish_cbc_state cs;
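Review bot: The `plain`, `cipher` and `compare` arrays keep a bare size of 100 while `key` is sized from BLOWFISH_MAXKEYBYTES, so nothing ties the `maxlen` argument later passed to unhex() to the real capacity of these buffers. Passing `sizeof(plain)` / `sizeof(cipher)` at the call sites, or declaring the size once as a named constant, would make the bound follow the declaration. main() continues past the hunk, so this is inferred from the declarations alone.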
* <encdec-keys-fd>
* <mtu> <keepalive> <timeout>
* <public-remote-addr> [<public-remote-port>]
- * !<mech1> [<mech1-params> ...]
- * !<mech2> [<mech2-params> ...]
+ * |<mech1> [<mech1-params> ...]
+ * |<mech2> [<mech2-params> ...]
* ''
*
* Remote addr may '' to mean wait to receive a packet and reply to
* w means generate and write encdec keys, rather than reading them
* K means do crypto debug (use with care!)
*
+ * encdec keys datastream has keys for packets from key datastream
+ * writer to reader first, then keys for packets from reader to
+ * writer.
+ *
* Every must be numeric. There is very little argument checking.
*
* Exit status:
static void cdebug(int mechno /*or -1*/, const char *msg) {
if (!crypto_debug) return;
- printf("%s: CRYPTO: %-20s %s\n",
- programid,
+ printf("%-8.8s: CRYPTO: %-20s %s\n",
+ uname_result.nodename,
mechno >= 0 ? mechs[mechno]->name : "",
msg);
}
write_must(encdec_keys_fd,ptr,sz,"write keys datastream");
} else {
read_must(encdec_keys_fd,ptr,sz,"read keys datastream");
+ cdebughex(-1, "random_key", ptr, sz, 0,0,0);
}
}
maxprefix= 0;
i= 0;
while ((arg= *++argv)) {
- arg_assert(*arg++ == '!');
+ arg_assert(*arg++ == '|');
arg_assert(i <= MAXMECHS);
mechs[i]= find_mech(arg);
- cdebug(i,"encsetup");
+ cdebug(i,"writer->reader setup");
argv_save= argv;
- mechs[i]->encsetup(&md_out[i], &maxprefix, &maxsuffix);
+
+ if (encdec_keys_write)
+ mechs[i]->encsetup(&md_out[i], &maxprefix, &maxsuffix);
+ else
+ mechs[i]->decsetup(&md_in[i]);
argv_done= argv;
argv= argv_save;
- cdebug(i,"decsetup");
- mechs[i]->decsetup(&md_in[i]);
+ cdebug(i,"reader->writer setup");
+
+ if (encdec_keys_write)
+ mechs[i]->decsetup(&md_in[i]);
+ else
+ mechs[i]->encsetup(&md_out[i], &maxprefix, &maxsuffix);
assert(argv == argv_done);
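Review bot: The `cdebughex(-1, "random_key", ptr, sz, 0,0,0)` added after read_must() prints the key material just read from the encdec keys datastream, so it must be gated on `crypto_debug` exactly as cdebug() is; cdebughex() is not visible here, and a comment such as `/* dumps key bytes: only reached when crypto_debug is set */` would make the expectation explicit. In the setup loop, the context line `arg_assert(i <= MAXMECHS)` admits `i == MAXMECHS` before `mechs[i]=`; if `mechs` is declared with MAXMECHS entries this should be `<`. The swapped encsetup()/decsetup() order in the two new if/else blocks is what implements the datastream ordering described in the header comment, and deserves a one-line note at the first branch, e.g. `/* keys datastream order: writer->reader keys first, so the reader consumes them with decsetup first */`. The enclosing loop body continues outside the hunk.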
#include "hex.h"
-const char *tohex(uint8 *data, int len, char *buf) {
+const char *tohex(uint8_t *data, int len, char *buf) {
char *p;
for (p= buf;
return buf;
}
-void unhex(const char *what, const char *txt, uint8 *datar, int *lenr,
+void unhex(const char *what, const char *txt, uint8_t *datar, int *lenr,
int minlen, int maxlen) {
int l, v;
char buf[3], *ep;
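Review bot: tohex() only reads from `data`, so the type change is a good moment to declare it `const uint8_t *data` here and in the matching prototype in hex.h; that lets callers pass const buffers without a cast. The loop body of tohex() is outside the hunk, so this assumes it does not write through `data`. unhex() already takes its input as `const char *`, so the two signatures would then agree. Both function bodies run past the hunk.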
#ifndef HEX__H_INCLUDED
#define HEX__H_INCLUDED
-const char *tohex(uint8 *data, int len, char *buf);
-void unhex(const char *what, const char *txt, uint8 *datar, int *lenr,
+#include <stdint.h>
+
+const char *tohex(uint8_t *data, int len, char *buf);
+void unhex(const char *what, const char *txt, uint8_t *datar, int *lenr,
int minlen, int maxlen);
#endif
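Review bot: Neither prototype documents the caller-side buffer contract: tohex() writes into `buf` with no length argument, so the header should state the required capacity, e.g. `/* buf must have room for the hex digits plus the terminator (presumably 2*len+1 bytes) */`, and unhex() should say that `*datar` must hold at least `maxlen` bytes and how `what` is used in error reporting. These sizes are inferred from the signatures, since the bodies in hex.c are not in view here.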
#include "blowfish.h"
struct mechdata {
+ unsigned char iv[BLOWFISH_BLOCKBYTES];
struct blowfish_cbc_state cbc;
};
static void mds_blowfish(struct mechdata **md_r) {
struct mechdata *md;
unsigned long keysize;
- unsigned char iv[BLOWFISH_BLOCKBYTES];
unsigned char key[BLOWFISH_MAXKEYBYTES];
XMALLOC(md);
keysize >>= 3;
arg_assert(keysize > 0 && keysize <= BLOWFISH_MAXKEYBYTES);
- random_key(iv,sizeof(iv));
+ random_key(md->iv,sizeof(md->iv));
random_key(key,keysize);
blowfish_loadkey(&md->cbc.ek, key,keysize);
- blowfish_cbc_setiv(&md->cbc, iv);
-
*md_r= md;
}
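Review bot: Moving the IV into `struct mechdata` and re-running `blowfish_cbc_setiv(&md->cbc, md->iv)` at the top of FOREACH_BLOCK (the next hunk) means every packet is processed under the same key and the same IV, so CBC becomes deterministic: two packets with an equal leading block yield an equal leading ciphertext block, which is observable on the wire. Chaining across packets (the previous behaviour) did not survive packet loss, but the usual remedy is a per-packet IV carried with the packet or derived from the sequence/timestamp mechanism rather than a fixed one. At minimum the choice needs a comment in mds_blowfish(), e.g. `/* NOTE: IV is fixed per key and reset for every packet, so CBC is deterministic across packets */`. The local `key[]` also stays on the stack after blowfish_loadkey(); clearing it once the expanded key exists is cheap.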
#define FOREACH_BLOCK(func,inptr,outptr) \
{ \
unsigned char *ptr; \
+ blowfish_cbc_setiv(&md->cbc, md->iv); \
for (ptr= buf->start; \
ptr < buf->start + msgsize; \
ptr += BLOWFISH_BLOCKBYTES) { \
unsigned padlen;
int i;
- BUF_UNPREPEND(padp,buf,1);
+ BUF_UNAPPEND(padp,buf,1);
padlen= *padp;
- if (!padlen || (padlen & ~md->mask)) return "invalid length";
+ if (!padlen || (padlen > md->mask+1)) return "invalid length";
- BUF_UNPREPEND(padp,buf,padlen-1);
+ BUF_UNAPPEND(padp,buf,padlen-1);
for (i=0; i<padlen-1; i++)
if (*++padp != padlen) return "corrupted padding";
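Review bot: After `BUF_UNAPPEND(padp,buf,padlen-1)` the verification loop uses `*++padp`, so it examines `padp[1]` through `padp[padlen-1]` and never `padp[0]`; if BUF_UNAPPEND leaves `padp` at the first removed byte (its definition is not visible here), the first padding byte goes unverified and the last compared byte is the length byte already read. `for (i=0; i<padlen-1; i++) if (padp[i] != padlen) return "corrupted padding";` checks exactly the removed bytes. The new `padlen > md->mask+1` check also relies on the buffer still holding `padlen-1` bytes before the second BUF_UNAPPEND, so confirm that macro rejects underflow. Distinct error strings for length versus content faults are fine for logs but should not influence anything the peer can observe. The enclosing function starts and ends outside the hunk.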
#include "forwarder.h"
struct mechdata {
- uint32_t max_skew, max_age;
+ time_t max_skew, max_age;
};
static void mds_timestamp(struct mechdata **md_r) {
return cbuf;
}
} else if (age < 0) {
- if (md->max_skew && age > md->max_skew) {
+ if (md->max_skew && age < -md->max_skew) {
sprintf(cbuf,"too much skew (%lds)",-age);
return cbuf;
}
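Review bot: With `max_skew` now `time_t`, the `sprintf(cbuf,"too much skew (%lds)",-age)` below the changed condition prints a value whose type depends on `age` (declared outside the hunk); if `age` is also `time_t`, `%ld` is only correct where time_t is `long`, so cast explicitly: `sprintf(cbuf,"too much skew (%lds)",(long)-age);`. If `cbuf` is a fixed-size array, `snprintf(cbuf, sizeof cbuf, ...)` is the safer form. The sign fix itself (`age < -md->max_skew`) is correct for the negative-age branch.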
$encrarg= arg_value($_,'-e');
push @remoteopts, "-e$encrarg";
@thisencryption= split m#/#, $encrarg;
- $thisencryption[0] =~ s/^/\!/;
+ $thisencryption[0] =~ s/^/\|/;
push @encryption, @thisencryption;
} elsif (s/^-m/-/) {
$masq= 1;